formbook | fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef | Triage

Sharing

General

Target

fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef
Size

297KB
Sample

230206-rxwv8shf51
MD5

af2b8f5ab74b832d8afdeb31bbbedf7a
SHA1

843c977f2763e00215798252df9d72e705be2049
SHA256

fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef
SHA512

d01f8c2d03e4ea2db7e4c308e45e99cdabddae25a4260d685d00c57fd515b6a011683cdb6ef9beb7ab3c5997d2aead36dbff0d0cda1dec141e95b12b0b345ce1
SSDEEP

6144:nYa6cjfjA7IUkIDhzdQoz9FDJuWYtfX5Nyu6YtSXiOJF:nYYfSxkDcuWwHdsn

Score

10^/10

formbook rs11 rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs11

Decoy

brigtsidefinancial.com

kotteri-mannish.com

black-iron-fences-bros.com

fnixo.com

gondes.net

cutleryknives-store.com

cabledahmercadillacvip.com

redstaing.com

cateri.africa

cgadminservices.com

wilwin.net

moteru40.net

floraandfate.com

aram-eyes.com

bcrazy55.com

courierpay.buzz

discovervielven.com

mymansshirt.com

junglesmp.online

classic-workshop.com

Targets

- Target
  
  fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef
- Size
  
  297KB
- MD5
  
  af2b8f5ab74b832d8afdeb31bbbedf7a
- SHA1
  
  843c977f2763e00215798252df9d72e705be2049
- SHA256
  
  fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef
- SHA512
  
  d01f8c2d03e4ea2db7e4c308e45e99cdabddae25a4260d685d00c57fd515b6a011683cdb6ef9beb7ab3c5997d2aead36dbff0d0cda1dec141e95b12b0b345ce1
- SSDEEP
  
  6144:nYa6cjfjA7IUkIDhzdQoz9FDJuWYtfX5Nyu6YtSXiOJF:nYYfSxkDcuWwHdsn
Score

10^/10

formbook rs11 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbookrs11ratspywarestealertrojan

behavioral2

formbookrs11ratspywarestealertrojan